CVE-2024-50603 Overview
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Critical Impact
This vulnerability allows unauthenticated remote code execution, potentially leading to full control over the impacted system.
Affected Products
- Aviatrix Controller before 7.1.4191
- Aviatrix Controller 7.2.x before 7.2.4996
Discovery Timeline
- 2025-01-08 - CVE-2024-50603 published to NVD
- 2025-11-05 - Last updated in NVD database
Technical Details for CVE-2024-50603
Vulnerability Analysis
This vulnerability arises from improper input sanitization in Aviatrix Controller API endpoints, which allows shell command injection through unsanitized input fields. Specifically, the issue occurs when special shell metacharacters are included in parameters that are supposed to be passed as text arguments.
Root Cause
The root cause is the inadequate neutralization of special characters in the parameters cloud_type and src_cloud_type in API commands, leading to possible command execution on the host system.
Attack Vector
The attack can be launched remotely over the network by sending specially crafted HTTP requests to the vulnerable API endpoints.
# Example exploitation code (sanitized)
import requests
url = "http://vulnerable-controller/api"
data = {"cloud_type": "; rm -rf / #"} # Malicious command injection
response = requests.post(url, data=data)
print(response.content)
Detection Methods for CVE-2024-50603
Indicators of Compromise
- Unusual commands executed in system logs
- Unexpected outbound connections
- Unrecognized modifications to system configuration files
Detection Strategies
Use an intrusion detection system (IDS) or WAF to flag requests to the affected API endpoint whose cloud_type or src_cloud_type values contain shell metacharacters. Review web and API logs for abnormal HTTP requests to the vulnerable endpoint.
Monitoring Recommendations
Consistently review Aviatrix Controller logs for indications of command injections. Implement network traffic analysis tools to flag anomalous API requests.
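Detection logic of the kind described above, as an added example that is not part of the page or of Aviatrix's own tooling: it decodes requests to /v1/api, looks only at the two actions and parameters named in the CVE description, and flags values containing shell metacharacters. The assumption that legitimate cloud_type values are small integers, and the sample requests, are constructed for this example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint, actions and parameters named in the CVE description.
VULN_PATH = "/v1/api"
ACTION_PARAMS = {"list_flightpath_destination_instances": "cloud_type",
                 "flightpath_connection_test": "src_cloud_type"}
# Characters with shell meaning that never belong in a cloud-type value.
METACHAR_RE = re.compile(r"[;&|`$(){}<>\\\n'\"]")
# Assumption for this example: legitimate cloud_type values are small integers.
BENIGN_RE = re.compile(r"^\d{1,3}$")

def parse_form(encoded):
    # Split on '&' only, so a percent-encoded ';' is decoded into the value
    # (where it can be inspected) rather than treated as a pair separator.
    params = {}
    for pair in encoded.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.setdefault(unquote_plus(key), unquote_plus(value))
    return params

def flag_request(path, body):
    # Return a reason string when a request to /v1/api carries shell
    # metacharacters in the parameter the CVE names, otherwise None.
    parts = urlsplit(path)
    if parts.path != VULN_PATH:
        return None
    params = parse_form(parts.query)  # parameters may also ride in the query
    params.update(parse_form(body))
    action = params.get("action")
    param = ACTION_PARAMS.get(action)
    if param is None or param not in params:
        return None
    value = params[param]
    if BENIGN_RE.match(value):
        return None
    hit = METACHAR_RE.search(value)
    if hit:
        return f"{action}: {param} contains shell metacharacter {hit.group()!r}"
    return f"{action}: {param} has unexpected value {value!r}"

# Constructed sample traffic for this example (not real captures).
SAMPLE_REQUESTS = [
    ("/v1/api", "action=list_flightpath_destination_instances&cloud_type=1&CID=x"),
    ("/v1/api", "action=list_flightpath_destination_instances&cloud_type=1%3Bid"),
    ("/v1/api?action=flightpath_connection_test&src_cloud_type=4", ""),
    ("/v1/api", "action=flightpath_connection_test&src_cloud_type=%24(hostname)"),
    ("/v1/api", "action=login&username=admin&password=secret"),
]
```

Run flag_request over each (path, body) pair from a proxy or WAF log; requests to other paths and to other actions are ignored, so the check produces no noise on normal controller traffic.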
How to Mitigate CVE-2024-50603
Immediate Actions Required
- Update to Aviatrix Controller 7.1.4191 or later, or 7.2.4996 or later
- Restrict network access to the API endpoints
- Implement input validation and sanitization measures
Patch Information
The vendor has released patches in versions 7.1.4191 and 7.2.4996 to address this vulnerability. Refer to Aviatrix PSIRT Advisories for details.
Workarounds
Apply ingress and egress filtering at network boundaries to limit potential command injection attempts. Implement strict input validation on client-side applications interfacing with the Aviatrix Controller API.
# Configuration example: trusted_ip is a placeholder for the management network
# Rules are evaluated in order, so the ACCEPT must precede the catch-all DROP;
# -A appends, so an existing earlier ACCEPT for port 443 would still take effect
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.